Meta

Time and again we hear it from agents considering doing sales meetings or other community events — “But what if a secret shopper comes?” While the concern is completely understandable given the potential ramifications of a CMS complaint, it’s also probably based more in fear than in reality.

They really don’t try to trap you – Secret shoppers may ask you a lot of questions, and they may be specifically asking questions related to areas of concern for CMS, but they won’t go out of their way to ask you the most obscure question possible and trick you into giving the wrong answer. Answer questions compliantly and be honest if you’re not sure of something.

There are example checklists you can look at – Every CMS secret shopper fills out the same survey and is looking for the same things. While CMS doesn’t make the most current one available to the public, you can click here to look at a sample from a prior year. If you know what they’re looking for, you know what you have to do.

Most deficiencies found were for easily avoidable infractions – In 2014, CMS secret shoppers found 305 deficiencies at the events they surveyed. Sixty-nine were for failing to provide and go over star ratings, and 67 were for failing to make available required information like the Summary of Benefits or provider directory when providing an enrollment form. These are easily prevented by making sure you have the necessary materials and that you go over the information required.

If you take a little time and some care, you can put together an informative, compliant event to help grow your business, without fear of a secret shopper lurking around every corner.

With the recent hacks of high profile insurers and retailers, data security has become headline news. As an independent agent, you are responsible for ensuring the security of any data you have in your possession.
Below are some recommendations for how to ensure your clients’ data is protected.

Password protect any computers or mobile devices that can access client information – Any devices that can access client information should be secured. Every device will allow you to set a password or passcode, and some devices may also allow alternate methods like security patterns or fingerprint scans. Remember that this doesn’t just apply to computers. Smart phones and tablets that can access your email or address book should also be secured.

Keep your software updated – Software developers do their best to fix any security issues or add protection against new threats as quickly as possible, but it’s still your responsibility to make sure that those updates are installed as soon as they become available. It’s also important to pay attention to when developers end support for older software. For example, Microsoft stopped releasing security updates for Windows XP in April of 2014.

Use only secure wi-fi networks – Any time you access an open or public wireless network, other people may potentially be able to access your data. Fake networks in cafes or other public places are also a popular way for identity thieves to gather information. If you must use a network that is not secured, do not access any client data while you’re connected.

Limit access to client data – If you have employees or family members who have access to your computer, mobile devices, or your office in general, do your best to limit the information they can access. Set up separate accounts on computers so that you can limit access to only necessary data, and keep close track of mobile devices.

Only transmit client data by secure email or fax – Any time client personal information needs to be sent to another party, it must be sent either via secure email or by fax. Even if you’re sending the information to the client themselves, it must be sent securely in case the email is intercepted or accessed inappropriately.

Lock hard copy files in file cabinets or a separate file room – Many hard copies of applications or client policy information may still need to be kept to comply with records retention requirements. Invest in a locking file cabinet, or keep files in a separate room that can be locked. Also, don’t leave client files sitting out unattended while you’re working if your desk or other workspace can be accessed by other people.

Keeping client data secure does require some extra steps, but those extra steps can save you and your clients expensive and time consuming problems.

We know you all want to steer clear of any compliance issues, so here are a few of the most common mistakes you need to avoid.

Agent Phone Number DisclaimerÂ – Anything other than business cards that includes an agent’s phone number must note that calling that number will connect someone to a licensed agent.

Network Restrictions – When enrolling clients in an HMO, make sure any network limitations or referral requirements are clearly and completely explained. It’s also important to make certain that clients are aware that providers can leave networks if they choose. This is probably the single most common reason for sales allegations.

Font Size – All text on any marketing or plan materials must be at least Times New Roman 12 point (or equivalent). This does not apply to television ads, internal tracking numbers, taglines as part of logos, or announcements placed in the Public Notices section of a newspaper.

Promising Formulary Exceptions – Agents cannot promise that a carrier will grant a formulary exception to cover a member’s prescription drug. You can explain that the client can request an exception, but you must inform them that the decision rests entirely with the plan.

Misrepresenting Plan Availability – If there are plans available to a client that you as an agent do not offer, you still must inform the client that there are other options that they can consider.

Using “Best”, “Highest Ranked”, or Other Superlatives – Any absolute superlatives (best, highest ranked, most popular, etc.) cannot be used unless they are backed up by data that is provided to CMS for review. This *includes* qualified superlatives like “one of the best” or “among the most popular.”

Cross-selling – If you uncover additional client needs that you could help meet with other types of products, you can certainly offer those, but it must be at a separate appointment from Medicare products. What’s on the Scope of Appointment is all that can be discussed that day.

Advertising Sales Events – Sales events cannot be advertised before they are submitted and approved by carriers and CMS. Events must registered as “advertised” if any form of advertisement (including flyers on bulletin boards or similar) is going to be used.

And remember, we’re here to help if you have any questions or concerns about compliance, so don’t be afraid to reach out!